Security

Extras

RuneScape 'Real World Trading Account Notice' Phishing Scam

Outline
Email purporting to be from Jagex, owners of popular online game RuneScape, claims that recipients have violated the company's legal policies by trading virtual items outside of the game environment or transferring an account . The message warns that offending accounts will be disabled if recipients do not click a link and fill in a "security form".

Brief Analysis
The email is not from Jagex and the claims that the recipient has violated a RuneScape player agreement is untrue. The message is a phishing scam designed to steal player login details and other sensitive personal information.

We have strong evidence that you may have attempted a transfer of RuneScape accounts or traded virtual items outside of the game environment.

Real-world trading destroys the economy of RuneScape, violates your agreement with us, and any player that continues to engage in the illegal activity has no place in our community.

All of your accounts, main and otherwise, are now on our watch list and will be monitored for real-world trading. Regardless of who you are or how long you've been with us, if you decide to real-world trade ever again we will have no hesitation in: (1) permanently removing your account from our wonderful community in order to protect Jagex's rights, and (2) naming you as a defendant in Jagex Limited v. John Does, which is a lawsuit based on antitrust law violations that is currently pending in the U.S. District Court for the Central District of California.

If you decide to ignore this email and instead continue Real-World Trading, we (Jagex Ltd) reserve our rights to pursue statutory damages against you for between $200 to $2,500 per act of past, present, and/or future real-world trading in accordance with 18 U.S.C. 1304(Fmg)(2).

In addition, new black marks have been added to your RuneScape account. If left unchallenged your account will be temporarily or permanently disabled.

Please complete the following security form to monitor your account's status or to appeal the infractions you have recieved:

[Link Removed]

Please note: If we do not receive a response from you within 48 hours, we will have no other choice than to disable your account.

Detailed Analysis
According to this message, which purports to be from
Jagex, owners of the popular MMORPG RuneScape, the recipient is suspected of trying to transfer an account or of trading "virtual items outside of the game environment", activities that violate RuneScape's user agreement. The threatening message claims that the player must click a link to complete a security form within 48 hours or risk having his or her account disabled and face further legal action from Jagex

However, the message is not from Jagex. The message is in fact a phishing scam designed to trick RuneScape players into divulging their account login details and other personal information to scammers. Those who fall for the ruse and follow the link will be taken to a bogus website designed to look like a genuine Jagex web page and asked to login to their account. Once they have logged in on the fake page, they will then be asked to supply more personal details via a fake "account status" form. All information supply on the fake website will be harvested by scammers.

Jagex has warned users about this and other such scam attempts via its official forums. With regard to the above scam attempt, one forum posts notes:

We have recently received a large number of notifications from players that they have received emails which appear to be threats of legal action from Jagex.

We like to reassure you all (especially if you have received on of these emails) that they are not real and they were not sent by Jagex

The page also notes that "Jagex will NEVER email you regarding account related issues unless you have specifically requested it. These will always be dealt with via the message centre". If you receive such an email purporting to be from Jagex, do not click on any links or open any attachments that it may contain. Information about how to report such phishing attempts can be found on the RuneScape Support Centre pages.